Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Authentication on angular spa using msal.js

my angular app has 1000s unique routes and users should be able to click on login button from any of those pages. Have implemented msal.js basing on this sample :

https://github.com/Gimly/simpleAngularAzureB2C/blob/master/src/app/authentication.service.ts

I am getting following error when calling login method:

AADB2C90006:+The+redirect+URI+'http://localhost:39579/unique-uri'+provided+in+the+request+is+not+registered+for+the+client+id+

Is there a way to get around this?

Thanks!

like image 414
armache Avatar asked Dec 07 '17 02:12

armache


People also ask

What is Msal authentication?

The Microsoft Authentication Library (MSAL) enables developers to acquire security tokens from the Microsoft identity platform to authenticate users and access secured web APIs. It can be used to provide secure access to Microsoft Graph, other Microsoft APIs, third-party web APIs, or your own web API.

What is Msal in angular?

MSAL Angular enables Angular 9+ applications to authenticate enterprise users by using Azure Active Directory (Azure AD), and also users with Microsoft accounts and social identities like Facebook, Google, and LinkedIn. The library also enables applications to get access to Microsoft cloud services and Microsoft Graph.

What is Msal redirect URI?

When a user authenticates, Azure Active Directory (Azure AD) sends the token to the app by using the redirect URI registered with the Azure AD application. The Microsoft Authentication library (MSAL) requires that the redirect URI be registered with the Azure AD app in a specific format.


1 Answers

By default, the Msal.UserAgentApplication constructor sets the "redirect_uri" request parameter to the current URL, which doesn't scale.

The Msal.UserAgentApplication constructor accepts a "redirectUri" options argument that enables the "redirect_uri" request parameter to be set to a fixed URL (e.g. "http://localhost:39579/authcallback") that is registered for the Azure AD B2C application.

Before MSAL generates the authentication request to Azure AD B2C, it writes the current URL (e.g., "http://localhost:39579/unique-uri") to storage and then redirects the user agent to the authentication endpoint.

At the "/authcallback" endpoint, you must create a new instance of Msal.UserAgentApplication, to handle the authentication response.

After MSAL verifies the authentication response from Azure AD B2C, it reads the original URL from storage and then returns the user agent to this URL.

like image 61
Chris Padgett Avatar answered Oct 20 '22 12:10

Chris Padgett